Bohdan Linda wrote:
> In other words, is it safe to use together:
> CAfile=/path/to/my/cacert.pem
> CApath=/path/to/only/clientcerts

Yes.

> Does one not override the other?

No.

> Do you have your cacert.pem symlinked in your CApath?

No.

> And lastly, as CApath is within the chroot, what is the impact if the certificates stored in it are "stolen" by a successful break-in?

Certificates are public, so there's no additional impact. What you need to protect is your private key.

Best regards, Mike
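
The distinction drawn in the reply above (certificates are public, the private key is what needs protecting) can be checked mechanically. The following is an added example, not part of the original thread or of stunnel: the helper names `audit_capath` and `key_is_private` are hypothetical, and the sample files are constructed placeholders containing PEM markers only.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not stunnel code).

# Return 0 if no regular file in DIR carries a PEM private-key header,
# 1 otherwise. A CApath inside the chroot should hold certificates only.
audit_capath() {
    dir=$1
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Matches PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY
        if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f"; then
            echo "private key material found in CApath: $f"
            rc=1
        fi
    done
    return $rc
}

# Return 0 if FILE grants no permissions to group or others.
# Characters 5-10 of the ls mode string are the group and other bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed placeholder files: markers only, no real certificate or key.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' \
        '-----END CERTIFICATE-----' > "$d/client1.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'placeholder' \
        '-----END RSA PRIVATE KEY-----' > "$d/stray.key"
    chmod 644 "$d/stray.key"
    if audit_capath "$d"; then
        echo "CApath holds certificates only"
    else
        echo "CApath needs cleanup"
    fi
    if key_is_private "$d/stray.key"; then
        echo "key file permissions are restrictive"
    else
        echo "key file is accessible to group or others"
    fi
    rm -rf "$d"
}
demo
```

Run `audit_capath` against the directory named in `CApath` and `key_is_private` against the file holding the server's private key.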